CVE-2025-12464Stack-based Buffer Overflow in Qemu

CWE-121Stack-based Buffer OverflowCWE-416Use After Free9 documents7 sources
Severity
6.2MEDIUMNVD
OSV5.5
EPSS
0.0%
top 88.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
QemuDebian QemuMsrc Azl3 Qemu 8.2.0-21 ON Azure Linux 3.0+5 more
Timeline
PublishedOct 31
Latest updateMar 4

Description

A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a den

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages9 packages

debiandebian/qemu< qemu 1:10.1.3+ds-1 (forky)
Debianqemu/qemu< 1:10.0.7+ds-0+deb13u1+1
Ubuntuqemu/qemu< 1:6.2+dfsg-2ubuntu6.28+2

🔴Vulnerability Details

3
OSV
qemu vulnerabilities2026-03-04
GHSA
GHSA-59fq-gggw-pqjr: A stack-based buffer overflow was found in the QEMU e1000 network device2025-11-01
OSV
CVE-2025-12464: A stack-based buffer overflow was found in the QEMU e1000 network device2025-10-31

📋Vendor Advisories

5
Ubuntu
QEMU vulnerabilities2026-03-04
Microsoft
Qemu-kvm: stack buffer overflow in e1000 device via short frames in loopback mode2025-10-14
Red Hat
qemu-kvm: Stack buffer overflow in e1000 device via short frames in loopback mode2025-07-17
Debian
CVE-2025-12464: qemu - A stack-based buffer overflow was found in the QEMU e1000 network device. The co...2025
Microsoft
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference aka CID-056ad39ee925.2020-04-14